GitHub Actions Support in Harness CI

GitHub Actions let you create custom actions that can perform predefined tasks. Learn how to use them in Harness CI for added extensibility.

Published on
1/27/22

In this article, we will learn about GitHub Actions support in Harness CI and how plugin extensibility helped templatizing action as a plugin step.

GitHub Actions let you create custom actions that can perform predefined tasks. These predefined tasks range from cloning a codebase to building a Docker image and security scanning images. Previously-created actions are present on the GitHub marketplace, with a rich support of over 10k actions.

Harness CI has added support for running GitHub Actions. This addition means that GitHub Actions can be used via the plugin step in a CI pipeline.

Usage

GitHub Actions YAML contains three attributes:

  1. name: Refers to the GitHub repository of the action along with the branch or tag.
  2. with: A map with a key and value as string. These are action inputs.
  3. env: Environment variables passed to the action.

You must copy with, uses, and env attributes in the plugin step settings to use a GitHub action as a plugin in Harness CI. You must also run the step in privileged mode since the GitHub action plugin uses Docker in Docker (dind).

The following is a side-by-side comparison of action YAML in GitHub actions vs Harness CI:

Side-by-Side Comparison of YAML in GitHub Actions vs. Harness CI.

The following are some examples for using actions in Harness CI.

Trivy Scanning Action

Trivy is an open-source scanner for detecting vulnerabilities in container images, git repositories, and much more.

The following example scans “drone/git” container image using trivy in Harness CI.

- step:
identifier: trivy
name: Run Trivy vulnerability scanner
type: Plugin
spec:
connectorRef: dockerhub
image: plugins/GitHub-actions
privileged: true
settings:
uses: aquasecurity/[email protected]
with:
image-ref: drone/git
format: table
exit-code: "1"
ignore-unfixed: "true"
vuln-type: os,library
severity: CRITICAL,HIGH,LOW
env:
CI: true

Trivy GitHub Actions Example

GCS Upload Action

The GCS upload action can be used to upload a file to Google Cloud storage. 

- step:
identifier: gcs-uploader
name: upload file to GCS
type: Plugin
spec:
connectorRef: dockerhub
image: plugins/GitHub-actions
privileged: true
settings:
uses: google-GitHub-actions/[email protected]
with:
path: '/path/to/file'
destination: demo/gcs
credentials: <+stage.variables.GCP_SECRET_KEY_BASE64>

GCP Upload GitHub Actions Example

Git Checkout Action

The git checkout action is used for cloning the GitHub repository codebase. This action can be used to clone one or more git repositories in a single stage in Harness CI.

The following example clones the primary repository present in the trigger payload. It is required to specify GITHUB_TOKEN as an environment variable to the step for cloning private repositories.

- step:
identifier: checkout
name: checkout GitHub action
type: Plugin
spec:
connectorRef: dockerhub
image: plugins/GitHub-actions
privileged: true
settings:
uses: actions/[email protected]
with:
ref: ${{ GitHub.event.pull_request.head.sha }}
event_payload: <+ trigger.eventPayload>
envVariables:
GITHUB_TOKEN: <+secrets.getValue("token")>

Checkout GitHub Actions Example

You must specify the repository name in the plugin step settings to clone a second repository.

- step:
identifier: checkout-repo-by-name
name: checkout GitHub repository by name
type: Plugin
spec:
connectorRef: dockerhub
image: plugins/GitHub-actions
privileged: true
settings:
uses: actions/[email protected]
with:
repository: my-org/my-private-tools
path: my-tools
ref: ${{ GitHub.event.pull_request.head.sha }}
event_payload: <+ trigger.eventPayload>
envVariables:
GITHUB_TOKEN: <+secrets.getValue("token")>

Implementation

GitHub Actions works by cloning the repository specified in the `uses` attribute and executing the steps present in the `action.yml` file from the cloned action code.

The CI plugin for GitHub action uses nektos/act, which is an open-source project to execute GitHub Actions locally. Nektos/act runs a Docker container on which the GitHub action workflow is executed. The CI plugin creates a workflow for the input action step, and then executes it via nektos/act. The following is the link for the plugin source code: https://GitHub.com/drone-plugins/GitHub-actions

Conclusion

We have shown that the extensibility and simplicity of plugins in Harness CI enabled the addition of many actions with just a single plugin. This demonstrates just how pluggable Harness CI can be. I hope you try your favorite action in Harness CI, and possibly create your own plugin for your custom tailored tasks.

For further reading on Harness CI, why not take a gander at our Migrating From Jenkins to Harness CIE piece? 

The Modern Software Delivery Platform™

Loved by Developers, Trusted by Businesses
Get Started

Need more info? Contact Sales